authorNguyễn Gia Phong <cnx@loang.net>2025-02-25 17:18:59 +0900
committerNguyễn Gia Phong <cnx@loang.net>2025-02-26 14:45:00 +0900
commitd9d06b24c4293f8df5c34cb192d074efcc7b9f37 (patch)
tree805a24262efb683103b7f5d0dddc590942dbaeaa
parent739555d3816d8760290e711725f77358b527d6b7 (diff)
downloadloftix-d9d06b24c4293f8df5c34cb192d074efcc7b9f37.tar.gz
Add libtiff 4.0.7 for various bugs
-rw-r--r--REUSE.toml70
-rw-r--r--bugs/README.md83
-rw-r--r--bugs/cve/2016/10092/heapoverflow.tiffbin0 -> 350 bytes
-rw-r--r--bugs/cve/2016/10093/heapoverflow.tiffbin0 -> 512 bytes
-rw-r--r--bugs/cve/2016/10094/heapoverflow.tiffbin0 -> 416 bytes
-rw-r--r--bugs/cve/2016/10266/fpe.tiffbin0 -> 284 bytes
-rw-r--r--bugs/cve/2016/10267/fpe.tiffbin0 -> 416 bytes
-rw-r--r--bugs/cve/2016/10268/heapoverflow.tiffbin0 -> 236 bytes
-rw-r--r--bugs/cve/2016/10270/heapoverflow.tiffbin0 -> 512 bytes
-rw-r--r--bugs/cve/2016/10271/heapoverflow.tiffbin0 -> 337 bytes
-rw-r--r--bugs/cve/2016/10272/heapoverflow.tiffbin0 -> 335 bytes
-rwxr-xr-xbugs/cve/2017/5225/2656.tiffbin0 -> 448 bytes
-rwxr-xr-xbugs/cve/2017/5225/2657.tiffbin0 -> 412 bytes
-rw-r--r--bugs/cve/2017/7595/fpe.tiffbin0 -> 396 bytes
-rw-r--r--bugs/cve/2017/7599/outside-short.tiffbin0 -> 396 bytes
-rw-r--r--bugs/cve/2017/7600/outside-unsigned-char.tiffbin0 -> 3062 bytes
-rw-r--r--bugs/cve/2017/7601/shift-long.tiffbin0 -> 416 bytes
-rw-r--r--loftix/bugs.scm39
18 files changed, 191 insertions, 1 deletions
diff --git a/REUSE.toml b/REUSE.toml
index dd67ed5..33b099c 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -47,6 +47,56 @@ SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
+path = 'bugs/cve/2016/10092/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10093/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10094/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10266/fpe.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10267/fpe.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10268/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10270/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10271/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2016/10272/heapoverflow.tiff'
+SPDX-FileCopyrightText = '2016 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2017/5225/*.tiff'
+SPDX-FileCopyrightText = '2017 Li Yuekang'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
 path = 'bugs/cve/2017/5969/crash-libxml2-recover.xml'
 SPDX-FileCopyrightText = '2016 Gustavo Grieco'
 SPDX-License-Identifier = 'CC0-1.0'
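Review bot: `bugs/cve/2016/10270/heapoverflow.tiff` is annotated in this hunk and added later in the commit, but the bugs/README.md hunk adds no CVE-2016-10270 entry, so the sample ships without its documented command or tracker reference. Its blob id (`1dceea1`) is the same as the one shown for `bugs/cve/2016/10093/heapoverflow.tiff`, so the two files appear to be byte-identical; either add the missing README entry or state there that 10270 reuses the 10093 input. Separately, the two files matched by `bugs/cve/2017/5225/*.tiff` are created with mode 100755 while every other sample is 100644; crash inputs are data and should not carry the executable bit.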
@@ -57,6 +107,26 @@ SPDX-FileCopyrightText = '2017 Phạm Văn Thuận'
 SPDX-License-Identifier = 'CC0-1.0'
 
 [[annotations]]
+path = 'bugs/cve/2017/7595/fpe.tiff'
+SPDX-FileCopyrightText = '2017 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2017/7599/outside-short.tiff'
+SPDX-FileCopyrightText = '2017 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2017/7600/outside-unsigned-char.tiff'
+SPDX-FileCopyrightText = '2017 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
+path = 'bugs/cve/2017/7601/shift-long.tiff'
+SPDX-FileCopyrightText = '2017 Agostino Sarubbo'
+SPDX-License-Identifier = 'CC0-1.0'
+
+[[annotations]]
 path = 'bugs/cve/2017/14745/crash_1'
 SPDX-FileCopyrightText = '2017 Junchao Luan'
 
diff --git a/bugs/README.md b/bugs/README.md
index a431934..08e88ce 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -17,7 +17,7 @@
       guix shell -e '(@@ (loftix bugs) binutils-2.29-asan)'
       nm -l cve/2017/15020/reproducer
 
-- CVE-2017-15025: [divide-by-zero][sourceware-22186]
+- CVE-2017-15025: [division by zero][sourceware-22186]
 
       guix shell -e '(@@ (loftix bugs) binutils-2.29)'
       nm -l cve/2017/15025/3899.crashes.bin
@@ -77,6 +77,74 @@
       guix shell -e '(@@ (loftix bugs) libjpeg-turbo-2.0.1-asan)'
       djpeg -colors 256 -bmp cve/2018/19664/heap-buffer-overflow-2.jpg
 
+## libtiff
+
+- CVE-2016-10092: [heap buffer overflow][maptools-2622]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcrop -i cve/2016/10092/heapoverflow.tiff /dev/null
+
+- CVE-2016-10093: [heap buffer overflow][maptools-2610]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcp -i cve/2016/10093/heapoverflow.tiff /dev/null
+
+- CVE-2016-10094: [heap buffer overflow][maptools-2640]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiff2pdf cve/2016/10094/heapoverflow.tiff -o /dev/null
+
+- CVE-2016-10266: [division by zero][maptools-2596]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7)'
+      tiffcp cve/2016/10266/fpe.tiff /dev/null
+
+- CVE-2016-10267: [division by zero][maptools-2611]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7)'
+      tiffmedian cve/2016/10267/fpe.tiff /dev/null
+
+- CVE-2016-10268: [heap buffer overflow][maptools-2598]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcp -i cve/2016/10268/heapoverflow.tiff /dev/null
+
+- CVE-2016-10271: [heap buffer overflow][maptools-2620]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcrop -i cve/2016/10271/heapoverflow.tiff /dev/null
+
+- CVE-2016-10272: [heap buffer overflow][maptools-2624]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcrop -i cve/2016/10272/heapoverflow.tiff /dev/null
+
+- CVE-2017-5225: [heap buffer overflow][maptools-2656]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)'
+      tiffcp -p separate cve/2017/5225/2656.tiff /dev/null
+      tiffcp -p contig cve/2017/5225/2657.tiff /dev/null
+
+- CVE-2017-7595: [division by zero][maptools-2653]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7)'
+      tiffcp -i cve/2017/7595/fpe.tiff /dev/null
+
+- cve-2017-7599: [float cast overflow][maptools-2646]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan-float-cast-overflow)'
+      tiffcp -i cve/2017/7599/outside-short.tiff /dev/null
+
+- cve-2017-7600: [float cast overflow][maptools-2647]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan-float-cast-overflow)'
+      tiffcp -i cve/2017/7600/outside-unsigned-char.tiff /dev/null
+
+- CVE-2017-7601: [signed integer overflow][maptools-2648]
+
+      guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-ubsan)'
+      tiffcp -i cve/2017/7601/shift-long.tiff /dev/null
+
 ## libxml2
 
 - CVE-2012-5134: [heap buffer overflow][chromium-40076524]
@@ -116,6 +184,19 @@
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
 [libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
+[maptools-2596]: https://bugzilla.maptools.org/show_bug.cgi?id=2596
+[maptools-2598]: https://bugzilla.maptools.org/show_bug.cgi?id=2598
+[maptools-2610]: https://bugzilla.maptools.org/show_bug.cgi?id=2610
+[maptools-2611]: https://bugzilla.maptools.org/show_bug.cgi?id=2611
+[maptools-2620]: https://bugzilla.maptools.org/show_bug.cgi?id=2620
+[maptools-2622]: https://bugzilla.maptools.org/show_bug.cgi?id=2622
+[maptools-2624]: https://bugzilla.maptools.org/show_bug.cgi?id=2624
+[maptools-2640]: https://bugzilla.maptools.org/show_bug.cgi?id=2640
+[maptools-2646]: https://bugzilla.maptools.org/show_bug.cgi?id=2646
+[maptools-2647]: https://bugzilla.maptools.org/show_bug.cgi?id=2647
+[maptools-2648]: https://bugzilla.maptools.org/show_bug.cgi?id=2648
+[maptools-2653]: https://bugzilla.maptools.org/show_bug.cgi?id=2653
+[maptools-2656]: https://bugzilla.maptools.org/show_bug.cgi?id=2656
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
diff --git a/bugs/cve/2016/10092/heapoverflow.tiff b/bugs/cve/2016/10092/heapoverflow.tiff
new file mode 100644
index 0000000..2cd863d
--- /dev/null
+++ b/bugs/cve/2016/10092/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10093/heapoverflow.tiff b/bugs/cve/2016/10093/heapoverflow.tiff
new file mode 100644
index 0000000..1dceea1
--- /dev/null
+++ b/bugs/cve/2016/10093/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10094/heapoverflow.tiff b/bugs/cve/2016/10094/heapoverflow.tiff
new file mode 100644
index 0000000..a079e7b
--- /dev/null
+++ b/bugs/cve/2016/10094/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10266/fpe.tiff b/bugs/cve/2016/10266/fpe.tiff
new file mode 100644
index 0000000..215c682
--- /dev/null
+++ b/bugs/cve/2016/10266/fpe.tiff
Binary files differ
diff --git a/bugs/cve/2016/10267/fpe.tiff b/bugs/cve/2016/10267/fpe.tiff
new file mode 100644
index 0000000..8c7b02e
--- /dev/null
+++ b/bugs/cve/2016/10267/fpe.tiff
Binary files differ
diff --git a/bugs/cve/2016/10268/heapoverflow.tiff b/bugs/cve/2016/10268/heapoverflow.tiff
new file mode 100644
index 0000000..9408079
--- /dev/null
+++ b/bugs/cve/2016/10268/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10270/heapoverflow.tiff b/bugs/cve/2016/10270/heapoverflow.tiff
new file mode 100644
index 0000000..1dceea1
--- /dev/null
+++ b/bugs/cve/2016/10270/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10271/heapoverflow.tiff b/bugs/cve/2016/10271/heapoverflow.tiff
new file mode 100644
index 0000000..9f311c1
--- /dev/null
+++ b/bugs/cve/2016/10271/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2016/10272/heapoverflow.tiff b/bugs/cve/2016/10272/heapoverflow.tiff
new file mode 100644
index 0000000..faba71d
--- /dev/null
+++ b/bugs/cve/2016/10272/heapoverflow.tiff
Binary files differ
diff --git a/bugs/cve/2017/5225/2656.tiff b/bugs/cve/2017/5225/2656.tiff
new file mode 100755
index 0000000..506ca1a
--- /dev/null
+++ b/bugs/cve/2017/5225/2656.tiff
Binary files differ
diff --git a/bugs/cve/2017/5225/2657.tiff b/bugs/cve/2017/5225/2657.tiff
new file mode 100755
index 0000000..33a5356
--- /dev/null
+++ b/bugs/cve/2017/5225/2657.tiff
Binary files differ
diff --git a/bugs/cve/2017/7595/fpe.tiff b/bugs/cve/2017/7595/fpe.tiff
new file mode 100644
index 0000000..100ed51
--- /dev/null
+++ b/bugs/cve/2017/7595/fpe.tiff
Binary files differ
diff --git a/bugs/cve/2017/7599/outside-short.tiff b/bugs/cve/2017/7599/outside-short.tiff
new file mode 100644
index 0000000..69e4551
--- /dev/null
+++ b/bugs/cve/2017/7599/outside-short.tiff
Binary files differ
diff --git a/bugs/cve/2017/7600/outside-unsigned-char.tiff b/bugs/cve/2017/7600/outside-unsigned-char.tiff
new file mode 100644
index 0000000..bc9d333
--- /dev/null
+++ b/bugs/cve/2017/7600/outside-unsigned-char.tiff
Binary files differ
diff --git a/bugs/cve/2017/7601/shift-long.tiff b/bugs/cve/2017/7601/shift-long.tiff
new file mode 100644
index 0000000..b2af417
--- /dev/null
+++ b/bugs/cve/2017/7601/shift-long.tiff
Binary files differ
diff --git a/loftix/bugs.scm b/loftix/bugs.scm
index d6adce9..91bf15e 100644
--- a/loftix/bugs.scm
+++ b/loftix/bugs.scm
@@ -227,6 +227,45 @@
                  ;; Tests fail with ASan enabled^
                  #:tests? #f))))
 
+(define-public libtiff-4.0.7
+  (package
+    (inherit libtiff)
+    (version "4.0.7")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "06ghqhr4db1ssq0acyyz49gr8k41gzw6pqb6mbn5r7jqp77s4hwz"))))
+    (outputs '("out"))))
+
+(define-public libtiff-4.0.7-asan
+  (package
+    (inherit libtiff-4.0.7)
+    (arguments '(#:make-flags '("CFLAGS=-O2 -g -fsanitize=address"
+                                "LDFLAGS=-static -fsanitize=address")))))
+
+(define-public libtiff-4.0.7-ubsan
+  (package
+    (inherit libtiff-4.0.7)
+    (arguments '(#:make-flags
+                 (list (string-append
+                         "CFLAGS=-O2 -g -fsanitize=undefined"
+                         " -fno-sanitize-recover=undefined")
+                       "LDFLAGS=-static -fsanitize=undefined")
+                 ;; Tests fail with ubsan enabled^
+                 #:tests? #f))))
+
+(define-public libtiff-4.0.7-ubsan-float-cast-overflow
+  (package
+    (inherit libtiff-4.0.7)
+    (arguments '(#:make-flags
+                 (list (string-append
+                         "CFLAGS=-O2 -g -fsanitize=float-cast-overflow"
+                         " -fno-sanitize-recover=float-cast-overflow")
+                       "LDFLAGS=-static -fsanitize=float-cast-overflow")))))
+
 (define-public libxml2-2.9.0-asan
   (package
     (inherit libxml2-2.9.3-asan)
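Review bot: The origin of `libtiff-4.0.7` is fetched over `ftp://download.osgeo.org/libtiff/`, a cleartext transport that many build hosts block. The `sha256` pins the tarball, so a tampered download fails the build rather than being used, but the request is still exposed and the fetch may simply not work. If the same path is served over HTTPS (worth confirming), `(uri (string-append "https://download.osgeo.org/libtiff/tiff-" version ".tar.gz"))` keeps the existing hash valid. A one-line comment above `(outputs '("out"))` saying why the inherited outputs are narrowed would help the next maintainer. It would also help to say whether the `-asan` and `-ubsan-float-cast-overflow` variants leave tests enabled on purpose, given that `-ubsan` sets `#:tests? #f`.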